port-nimara-client-portal/plugins/00.startup-check.server.ts

import { mkdir } from 'fs/promises'
import { existsSync } from 'fs'
import { join } from 'path'
import { keycloakClient } from '~/server/utils/keycloak-client'

let isAppReady = false

export default defineNitroPlugin(async (nitroApp) => {
  console.log('[STARTUP] Server-side initialization starting...')
  
  try {
    // Ensure data directories exist
    const dataDir = './data'
    const oidcSessionsDir = './data/oidc-sessions'
    const sessionsDir = './data/sessions'
    
    console.log('[STARTUP] Checking storage directories...')
    
    // Create directories if they don't exist
    const dirs = [dataDir, oidcSessionsDir, sessionsDir]
    for (const dir of dirs) {
      if (!existsSync(dir)) {
        console.log(`[STARTUP] Creating directory: ${dir}`)
        await mkdir(dir, { recursive: true })
        console.log(`[STARTUP] Successfully created: ${dir}`)
      } else {
        console.log(`[STARTUP] Directory exists: ${dir}`)
      }
    }
    
    // Check environment variables
    console.log('[STARTUP] Checking authentication environment variables...')
    const requiredEnvVars = [
      'KEYCLOAK_CLIENT_SECRET',
      'COOKIE_DOMAIN'
    ]
    
    let envVarsOk = true
    for (const envVar of requiredEnvVars) {
      const value = process.env[envVar]
      if (value) {
        console.log(`[STARTUP] ✅ ${envVar}: present (length: ${value.length})`)
      } else {
        console.error(`[STARTUP] ❌ ${envVar}: MISSING`)
        envVarsOk = false
      }
    }
    
    if (!envVarsOk) {
      console.error('[STARTUP] ❌ Required environment variables missing - authentication may fail')
    }
    
    // Warm up Keycloak connections
    console.log('[STARTUP] Warming up Keycloak connections...')
    try {
      // Test the circuit breaker status endpoint (doesn't require auth)
      const circuitStatus = keycloakClient.getCircuitBreakerStatus()
      console.log('[STARTUP] ✅ Keycloak client initialized:', circuitStatus)
      
      // Optionally test connectivity (uncomment if needed)
      // const testUrl = 'https://auth.portnimara.dev/realms/client-portal/.well-known/openid-configuration'
      // await keycloakClient.fetch(testUrl, {}, { timeout: 5000, retries: 1 })
      // console.log('[STARTUP] ✅ Keycloak connectivity verified')
      
    } catch (error) {
      console.error('[STARTUP] ⚠️ Keycloak warmup failed:', error)
      // Continue anyway - circuit breaker will handle runtime failures
    }
    
    // Mark app as ready
    isAppReady = true
    console.log('[STARTUP] ✅ Server-side initialization complete - app ready')
    
  } catch (error) {
    console.error('[STARTUP] ❌ Server-side initialization error:', error)
    // Don't throw - let the app continue with fallback behavior
    isAppReady = true // Allow app to start even with initialization errors
  }
})

// Export readiness check for health endpoint
export const getAppReadiness = () => ({
  ready: isAppReady,
  keycloakCircuitBreaker: keycloakClient.getCircuitBreakerStatus()
})
DEBUG: Add comprehensive startup checks and improve OIDC configuration ## Debugging Improvements Added: ### Startup Monitoring: - plugins/00.startup-check.server.ts - Server-side initialization checks - plugins/00.startup-check.client.ts - Client-side debugging - server/api/health.ts - Health check endpoint ### OIDC Configuration Fixes: - Reordered modules: uxt-oidc-auth loads after uetify-nuxt-module - Temporarily removed file-based storage configuration (potential issue) - Maintained all session settings and provider configuration ### Server-Side Checks: - Auto-creates required directories (./data/oidc-sessions, ./data/sessions) - Validates all required environment variables are present - Logs initialization progress and any errors ### Client-Side Monitoring: - Detects OAuth callback URLs for debugging - Checks storage availability - Monitors startup process ### Health Endpoint: - /api/health - Check server status and OIDC configuration - Reports environment variables status - Shows uptime and basic system info ## Expected Results: Detailed logs will show exactly where initialization fails Health check endpoint works even if OIDC fails Better error handling prevents silent crashes Module loading order fixes potential conflicts Debugging info helps identify the 502 root cause ## Next Steps: 1. Deploy this updated container 2. Check startup logs for [STARTUP] messages 3. Test /api/health endpoint first 4. Monitor OAuth callback debugging info 5. Use logs to identify and fix remaining issues This maintains all existing functionality while adding comprehensive debugging! 2025-06-15 14:57:48 +02:00			`import { mkdir } from 'fs/promises'`
			`import { existsSync } from 'fs'`
			`import { join } from 'path'`
FEAT: Implement Keycloak client with circuit breaker and retry logic for improved authentication resilience 2025-06-17 14:50:34 +02:00			`import { keycloakClient } from '~/server/utils/keycloak-client'`

			`let isAppReady = false`
DEBUG: Add comprehensive startup checks and improve OIDC configuration ## Debugging Improvements Added: ### Startup Monitoring: - plugins/00.startup-check.server.ts - Server-side initialization checks - plugins/00.startup-check.client.ts - Client-side debugging - server/api/health.ts - Health check endpoint ### OIDC Configuration Fixes: - Reordered modules: uxt-oidc-auth loads after uetify-nuxt-module - Temporarily removed file-based storage configuration (potential issue) - Maintained all session settings and provider configuration ### Server-Side Checks: - Auto-creates required directories (./data/oidc-sessions, ./data/sessions) - Validates all required environment variables are present - Logs initialization progress and any errors ### Client-Side Monitoring: - Detects OAuth callback URLs for debugging - Checks storage availability - Monitors startup process ### Health Endpoint: - /api/health - Check server status and OIDC configuration - Reports environment variables status - Shows uptime and basic system info ## Expected Results: Detailed logs will show exactly where initialization fails Health check endpoint works even if OIDC fails Better error handling prevents silent crashes Module loading order fixes potential conflicts Debugging info helps identify the 502 root cause ## Next Steps: 1. Deploy this updated container 2. Check startup logs for [STARTUP] messages 3. Test /api/health endpoint first 4. Monitor OAuth callback debugging info 5. Use logs to identify and fix remaining issues This maintains all existing functionality while adding comprehensive debugging! 2025-06-15 14:57:48 +02:00
			`export default defineNitroPlugin(async (nitroApp) => {`
			`console.log('[STARTUP] Server-side initialization starting...')`

			`try {`
			`// Ensure data directories exist`
			`const dataDir = './data'`
			`const oidcSessionsDir = './data/oidc-sessions'`
			`const sessionsDir = './data/sessions'`

			`console.log('[STARTUP] Checking storage directories...')`

			`// Create directories if they don't exist`
			`const dirs = [dataDir, oidcSessionsDir, sessionsDir]`
			`for (const dir of dirs) {`
			`if (!existsSync(dir)) {`
			console.log(`[STARTUP] Creating directory: ${dir}`)
			`await mkdir(dir, { recursive: true })`
			console.log(`[STARTUP] Successfully created: ${dir}`)
			`} else {`
			console.log(`[STARTUP] Directory exists: ${dir}`)
			`}`
			`}`

			`// Check environment variables`
FEAT: Implement Keycloak client with circuit breaker and retry logic for improved authentication resilience 2025-06-17 14:50:34 +02:00			`console.log('[STARTUP] Checking authentication environment variables...')`
DEBUG: Add comprehensive startup checks and improve OIDC configuration ## Debugging Improvements Added: ### Startup Monitoring: - plugins/00.startup-check.server.ts - Server-side initialization checks - plugins/00.startup-check.client.ts - Client-side debugging - server/api/health.ts - Health check endpoint ### OIDC Configuration Fixes: - Reordered modules: uxt-oidc-auth loads after uetify-nuxt-module - Temporarily removed file-based storage configuration (potential issue) - Maintained all session settings and provider configuration ### Server-Side Checks: - Auto-creates required directories (./data/oidc-sessions, ./data/sessions) - Validates all required environment variables are present - Logs initialization progress and any errors ### Client-Side Monitoring: - Detects OAuth callback URLs for debugging - Checks storage availability - Monitors startup process ### Health Endpoint: - /api/health - Check server status and OIDC configuration - Reports environment variables status - Shows uptime and basic system info ## Expected Results: Detailed logs will show exactly where initialization fails Health check endpoint works even if OIDC fails Better error handling prevents silent crashes Module loading order fixes potential conflicts Debugging info helps identify the 502 root cause ## Next Steps: 1. Deploy this updated container 2. Check startup logs for [STARTUP] messages 3. Test /api/health endpoint first 4. Monitor OAuth callback debugging info 5. Use logs to identify and fix remaining issues This maintains all existing functionality while adding comprehensive debugging! 2025-06-15 14:57:48 +02:00			`const requiredEnvVars = [`
FEAT: Implement Keycloak client with circuit breaker and retry logic for improved authentication resilience 2025-06-17 14:50:34 +02:00			`'KEYCLOAK_CLIENT_SECRET',`
			`'COOKIE_DOMAIN'`
DEBUG: Add comprehensive startup checks and improve OIDC configuration ## Debugging Improvements Added: ### Startup Monitoring: - plugins/00.startup-check.server.ts - Server-side initialization checks - plugins/00.startup-check.client.ts - Client-side debugging - server/api/health.ts - Health check endpoint ### OIDC Configuration Fixes: - Reordered modules: uxt-oidc-auth loads after uetify-nuxt-module - Temporarily removed file-based storage configuration (potential issue) - Maintained all session settings and provider configuration ### Server-Side Checks: - Auto-creates required directories (./data/oidc-sessions, ./data/sessions) - Validates all required environment variables are present - Logs initialization progress and any errors ### Client-Side Monitoring: - Detects OAuth callback URLs for debugging - Checks storage availability - Monitors startup process ### Health Endpoint: - /api/health - Check server status and OIDC configuration - Reports environment variables status - Shows uptime and basic system info ## Expected Results: Detailed logs will show exactly where initialization fails Health check endpoint works even if OIDC fails Better error handling prevents silent crashes Module loading order fixes potential conflicts Debugging info helps identify the 502 root cause ## Next Steps: 1. Deploy this updated container 2. Check startup logs for [STARTUP] messages 3. Test /api/health endpoint first 4. Monitor OAuth callback debugging info 5. Use logs to identify and fix remaining issues This maintains all existing functionality while adding comprehensive debugging! 2025-06-15 14:57:48 +02:00			`]`

FEAT: Implement Keycloak client with circuit breaker and retry logic for improved authentication resilience 2025-06-17 14:50:34 +02:00			`let envVarsOk = true`
DEBUG: Add comprehensive startup checks and improve OIDC configuration ## Debugging Improvements Added: ### Startup Monitoring: - plugins/00.startup-check.server.ts - Server-side initialization checks - plugins/00.startup-check.client.ts - Client-side debugging - server/api/health.ts - Health check endpoint ### OIDC Configuration Fixes: - Reordered modules: uxt-oidc-auth loads after uetify-nuxt-module - Temporarily removed file-based storage configuration (potential issue) - Maintained all session settings and provider configuration ### Server-Side Checks: - Auto-creates required directories (./data/oidc-sessions, ./data/sessions) - Validates all required environment variables are present - Logs initialization progress and any errors ### Client-Side Monitoring: - Detects OAuth callback URLs for debugging - Checks storage availability - Monitors startup process ### Health Endpoint: - /api/health - Check server status and OIDC configuration - Reports environment variables status - Shows uptime and basic system info ## Expected Results: Detailed logs will show exactly where initialization fails Health check endpoint works even if OIDC fails Better error handling prevents silent crashes Module loading order fixes potential conflicts Debugging info helps identify the 502 root cause ## Next Steps: 1. Deploy this updated container 2. Check startup logs for [STARTUP] messages 3. Test /api/health endpoint first 4. Monitor OAuth callback debugging info 5. Use logs to identify and fix remaining issues This maintains all existing functionality while adding comprehensive debugging! 2025-06-15 14:57:48 +02:00			`for (const envVar of requiredEnvVars) {`
			`const value = process.env[envVar]`
			`if (value) {`
			console.log(`[STARTUP] ✅ ${envVar}: present (length: ${value.length})`)
			`} else {`
			console.error(`[STARTUP] ❌ ${envVar}: MISSING`)
FEAT: Implement Keycloak client with circuit breaker and retry logic for improved authentication resilience 2025-06-17 14:50:34 +02:00			`envVarsOk = false`
DEBUG: Add comprehensive startup checks and improve OIDC configuration ## Debugging Improvements Added: ### Startup Monitoring: - plugins/00.startup-check.server.ts - Server-side initialization checks - plugins/00.startup-check.client.ts - Client-side debugging - server/api/health.ts - Health check endpoint ### OIDC Configuration Fixes: - Reordered modules: uxt-oidc-auth loads after uetify-nuxt-module - Temporarily removed file-based storage configuration (potential issue) - Maintained all session settings and provider configuration ### Server-Side Checks: - Auto-creates required directories (./data/oidc-sessions, ./data/sessions) - Validates all required environment variables are present - Logs initialization progress and any errors ### Client-Side Monitoring: - Detects OAuth callback URLs for debugging - Checks storage availability - Monitors startup process ### Health Endpoint: - /api/health - Check server status and OIDC configuration - Reports environment variables status - Shows uptime and basic system info ## Expected Results: Detailed logs will show exactly where initialization fails Health check endpoint works even if OIDC fails Better error handling prevents silent crashes Module loading order fixes potential conflicts Debugging info helps identify the 502 root cause ## Next Steps: 1. Deploy this updated container 2. Check startup logs for [STARTUP] messages 3. Test /api/health endpoint first 4. Monitor OAuth callback debugging info 5. Use logs to identify and fix remaining issues This maintains all existing functionality while adding comprehensive debugging! 2025-06-15 14:57:48 +02:00			`}`
			`}`

FEAT: Implement Keycloak client with circuit breaker and retry logic for improved authentication resilience 2025-06-17 14:50:34 +02:00			`if (!envVarsOk) {`
			`console.error('[STARTUP] ❌ Required environment variables missing - authentication may fail')`
			`}`

			`// Warm up Keycloak connections`
			`console.log('[STARTUP] Warming up Keycloak connections...')`
			`try {`
			`// Test the circuit breaker status endpoint (doesn't require auth)`
			`const circuitStatus = keycloakClient.getCircuitBreakerStatus()`
			`console.log('[STARTUP] ✅ Keycloak client initialized:', circuitStatus)`

			`// Optionally test connectivity (uncomment if needed)`
			`// const testUrl = 'https://auth.portnimara.dev/realms/client-portal/.well-known/openid-configuration'`
			`// await keycloakClient.fetch(testUrl, {}, { timeout: 5000, retries: 1 })`
			`// console.log('[STARTUP] ✅ Keycloak connectivity verified')`

			`} catch (error) {`
			`console.error('[STARTUP] ⚠️ Keycloak warmup failed:', error)`
			`// Continue anyway - circuit breaker will handle runtime failures`
			`}`

			`// Mark app as ready`
			`isAppReady = true`
			`console.log('[STARTUP] ✅ Server-side initialization complete - app ready')`
DEBUG: Add comprehensive startup checks and improve OIDC configuration ## Debugging Improvements Added: ### Startup Monitoring: - plugins/00.startup-check.server.ts - Server-side initialization checks - plugins/00.startup-check.client.ts - Client-side debugging - server/api/health.ts - Health check endpoint ### OIDC Configuration Fixes: - Reordered modules: uxt-oidc-auth loads after uetify-nuxt-module - Temporarily removed file-based storage configuration (potential issue) - Maintained all session settings and provider configuration ### Server-Side Checks: - Auto-creates required directories (./data/oidc-sessions, ./data/sessions) - Validates all required environment variables are present - Logs initialization progress and any errors ### Client-Side Monitoring: - Detects OAuth callback URLs for debugging - Checks storage availability - Monitors startup process ### Health Endpoint: - /api/health - Check server status and OIDC configuration - Reports environment variables status - Shows uptime and basic system info ## Expected Results: Detailed logs will show exactly where initialization fails Health check endpoint works even if OIDC fails Better error handling prevents silent crashes Module loading order fixes potential conflicts Debugging info helps identify the 502 root cause ## Next Steps: 1. Deploy this updated container 2. Check startup logs for [STARTUP] messages 3. Test /api/health endpoint first 4. Monitor OAuth callback debugging info 5. Use logs to identify and fix remaining issues This maintains all existing functionality while adding comprehensive debugging! 2025-06-15 14:57:48 +02:00
			`} catch (error) {`
FEAT: Implement Keycloak client with circuit breaker and retry logic for improved authentication resilience 2025-06-17 14:50:34 +02:00			`console.error('[STARTUP] ❌ Server-side initialization error:', error)`
DEBUG: Add comprehensive startup checks and improve OIDC configuration ## Debugging Improvements Added: ### Startup Monitoring: - plugins/00.startup-check.server.ts - Server-side initialization checks - plugins/00.startup-check.client.ts - Client-side debugging - server/api/health.ts - Health check endpoint ### OIDC Configuration Fixes: - Reordered modules: uxt-oidc-auth loads after uetify-nuxt-module - Temporarily removed file-based storage configuration (potential issue) - Maintained all session settings and provider configuration ### Server-Side Checks: - Auto-creates required directories (./data/oidc-sessions, ./data/sessions) - Validates all required environment variables are present - Logs initialization progress and any errors ### Client-Side Monitoring: - Detects OAuth callback URLs for debugging - Checks storage availability - Monitors startup process ### Health Endpoint: - /api/health - Check server status and OIDC configuration - Reports environment variables status - Shows uptime and basic system info ## Expected Results: Detailed logs will show exactly where initialization fails Health check endpoint works even if OIDC fails Better error handling prevents silent crashes Module loading order fixes potential conflicts Debugging info helps identify the 502 root cause ## Next Steps: 1. Deploy this updated container 2. Check startup logs for [STARTUP] messages 3. Test /api/health endpoint first 4. Monitor OAuth callback debugging info 5. Use logs to identify and fix remaining issues This maintains all existing functionality while adding comprehensive debugging! 2025-06-15 14:57:48 +02:00			`// Don't throw - let the app continue with fallback behavior`
FEAT: Implement Keycloak client with circuit breaker and retry logic for improved authentication resilience 2025-06-17 14:50:34 +02:00			`isAppReady = true // Allow app to start even with initialization errors`
DEBUG: Add comprehensive startup checks and improve OIDC configuration ## Debugging Improvements Added: ### Startup Monitoring: - plugins/00.startup-check.server.ts - Server-side initialization checks - plugins/00.startup-check.client.ts - Client-side debugging - server/api/health.ts - Health check endpoint ### OIDC Configuration Fixes: - Reordered modules: uxt-oidc-auth loads after uetify-nuxt-module - Temporarily removed file-based storage configuration (potential issue) - Maintained all session settings and provider configuration ### Server-Side Checks: - Auto-creates required directories (./data/oidc-sessions, ./data/sessions) - Validates all required environment variables are present - Logs initialization progress and any errors ### Client-Side Monitoring: - Detects OAuth callback URLs for debugging - Checks storage availability - Monitors startup process ### Health Endpoint: - /api/health - Check server status and OIDC configuration - Reports environment variables status - Shows uptime and basic system info ## Expected Results: Detailed logs will show exactly where initialization fails Health check endpoint works even if OIDC fails Better error handling prevents silent crashes Module loading order fixes potential conflicts Debugging info helps identify the 502 root cause ## Next Steps: 1. Deploy this updated container 2. Check startup logs for [STARTUP] messages 3. Test /api/health endpoint first 4. Monitor OAuth callback debugging info 5. Use logs to identify and fix remaining issues This maintains all existing functionality while adding comprehensive debugging! 2025-06-15 14:57:48 +02:00			`}`
			`})`
FEAT: Implement Keycloak client with circuit breaker and retry logic for improved authentication resilience 2025-06-17 14:50:34 +02:00
			`// Export readiness check for health endpoint`
			`export const getAppReadiness = () => ({`
			`ready: isAppReady,`
			`keycloakCircuitBreaker: keycloakClient.getCircuitBreakerStatus()`
			`})`